SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIX - Issue #18

March 3, 2017

A tribute to Howard Schmidt

A man of great accomplishment and passion for cybersecurity passed away yesterday. Howard was one of the longest serving editors of this newsletter, and a few weeks ago he and his wife Raemarie invited me to the lake house in Wisconsin, so I could deliver the Lighthouse Award recognizing a lifetime of leadership in cybersecurity, and for a final hug.

John Pescatore, who led Gartner's cybersecurity group for half his career, spoke thusly of Howard in the Lighthouse Award statement:

"I first met Howard in the late 1990s when I was doing security consulting at Microsoft and Howard joined them as CISO. I immediately saw he was one of those CISOs who 'got it' - focus on the things in security that are important to protecting the business and the customers and work to get security injected into all aspects of the business. Over the years he continued to bring that perspective to the government side and the private industry side and was always one who stayed pointed towards true security north."

Howard's career highlights:

"Howard Schmidt has had a long and distinguished career in cybersecurity, shining a bright light on important security issues in government and private industry for over 40 years. He started his career in the Air Force with both active military service and as a civilian employee with AF OSI. He then spent 15 years in law enforcement, first with the Chandler AZ police department and then the FBI. From 1997 to 2001, Howard was CISO at Microsoft before being appointed by President Bush as vice chair of the President's Critical Infrastructure Protection Board and as the special adviser for cyberspace security for the White House. He retired from government and became CISO at eBay before returning to government service in 2009 as President Obama's Cybersecurity Advisor until 2012."


As the military services work to perfect techniques to build skills and trust in their cyber protection teams (CPTs), the U.S. Army has perfected an important ingredient: a realistic simulator that allows each member of the CPT to test, measure, and improve their cyber attack and defense skills and the team to build trust in each other. In a full-scale, small city in Butlerville, Indiana, called Cybertropolis, the team was challenged to conduct an interactive battle against attackers on the prison systems and, specifically, to detect and counter anti-virus evasion, network enumeration, ransomware, client-side attacks, pivoting, network service exploitation, privilege escalation, attacks against industrial control systems and Windows domain attacks. According to Maj. Joe Marty, team leader, "Cybertropolis provided our team the most realistic training environment we have encountered. We hope other CPTs get to experience this." [Editor: Congratulations to Ed Skoudis (ed@counterhack.com, NewsBites editor and CounterHack Challenges lead), and Eric Bassel (ebassel@sans.org of SANS) for their ground-breaking support for the U.S. Army CPTs in this important project.]
[Editor Comments]
[Paller] The article below is at a U.S. Army unclassified web site and provides great detail on how the simulation works and fits with CPT development.
Read more in:
154th Cyber Protection Team engaged in network defense at Cybertropolis, Indiana https://www.army.mil/article/183500/154th_cyber_protection_team_engaged_in_network_defense_at_cybertropolis_indiana

Democratic members of the U.S. House of Representatives Energy and Commerce Committee have introduced three bills that would require the Federal Communications Commission (FCC) to take a strong position regarding cybersecurity. The bills would require that the FCC adopt rules protecting communications networks; establish an interagency panel to deal with cybersecurity investigations; and require Internet of Things (IoT) devices to adopt certified cybersecurity standards.
[Editor Comments]
[Pescatore] As the next news item points out, we are unlikely to see the FCC force the ISPs to take more action on security. It would be good to see the telecoms industry take initiative to improve the security of the customers and forestall any future regulation.
Read more in:
The Hill: House Dems push FCC to adopt stronger cybersecurity measures http://thehill.com/policy/technology/322009-house-dems-push-fcc-to-adopt-stronger-cybersecurity-measures

Amazon Cloud Storage Suffers Outage
(March 1 & 2, 2017)

Amazon's cloud services suffered an outage on Tuesday, February 28. The problem was due to a failure at Amazon S3 cloud storage service data centers in Virginia and was fixed the same day, roughly four hours after it began. The outage affected Internet traffic across the United States. Apps and websites that rely on the Amazon Web Services Internet-connected storage were slowed and in some cases disabled. The incident appears to have been caused by a typo. While looking into an issue that was causing the S3 billing system to run slowly, an Amazon team member executed a command intended to take a few S3 servers offline. Instead, the mistyped command caused a larger number of servers to be taken offline, some of which ran systems for the East Coast region. Correcting the problem required a full restart.
[Editor Comments]
[Pescatore] In the early days of business use of the Internet, when you drew a network diagram you drew a big squiggly cloud labeled "Internet." Back then, we learned the connection to that cloud was a single point of failure for critical business services and, even though the ISP might meet its monthly SLA, we needed redundant Internet connections to handle longer-term outages - good old business continuity. The same is true for cloud services - AWS may very well meet its monthly SLAs but too many of its customers had no continuity plans in place. By the way, even before the Internet as squiggly cloud needed redundancy, we learned that the electricity "cloud" serving the data center needed backup, too - and regular testing of that backup.
[Honan] A good example of why effective business continuity planning in the cloud should look at cross-regional support for your application. Just because your application or system runs from a cloud service provider does not mean it absolves you from identifying the associated availability risks and looking for ways to address them.
Read more in:
WSJ: Amazon Grapples With Outage at AWS Cloud Service https://www.wsj.com/articles/amazon-grapples-with-outage-at-aws-cloud-service-1488323097
Fortune: Here's Why Amazon's Cloud Suffered a Meltdown This Week http://fortune.com/2017/03/02/amazon-cloud-outage/
USA Today: Amazon mystery solved: A typo took down a big chunk of the Internet http://www.usatoday.com/story/tech/news/2017/03/02/mystery-solved-typo-took-down-big-chunk-web-tuesday/98645754/